Migrate to PHPStan, inline code-quality-pack deps, add Infection & tests#7
Merged
Merged
Conversation
- Keep PHP >=8.1 (hold PHPUnit at ^10.5; pin Infection to ^0.27 || ^0.28) - Replace setono/code-quality-pack meta-package with its individual latest deps (PHPStan stack, Rector 2, sylius-labs/coding-standard, shipmonk analyser, ergebnis normalize, Infection, prophecy) - Replace Psalm with PHPStan (level max, phpVersion 8.1-8.4); remove psalm.xml and @psalm-suppress annotations, fixing the underlying issues - Update rector.php to the Rector 2 API; update CI (psalm->phpstan, add mutation-testing job) - Add tests for previously-untested classes: 100% MSI / 100% mutation code coverage (49 tests) - Bump LICENSE copyright year to 2026
loevgaard
commented
Jun 15, 2026
…rices resolve Composer 2.10 blocks installing package versions with active security advisories during update. That breaks the --prefer-lowest jobs and the EOL Symfony ~7.0.0 matrix (all 7.0.x http-foundation releases carry advisories), which must install old versions by design. Set config.policy.advisories.block=false (root-only, affects this repo's CI only).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Reworks the dev tooling and test suite while keeping PHP >= 8.1 support.
Keep PHP >= 8.1
composer.jsonstill requires"php": ">=8.1".^10.5(PHPUnit 11 needs 8.2); Infection pinned to^0.27 || ^0.28(0.29+ needs 8.2).phpVersion.min/max).Inline latest code-quality-pack deps
setono/code-quality-packwith its individual v3.4.0 tools inrequire-dev: PHPStan + doctrine/symfony/phpunit/strict-rules/webmozart extensions,jangregor/phpstan-prophecy, Rector 2,sylius-labs/coding-standard4.5,ergebnis/composer-normalize,shipmonk/composer-dependency-analyser, Infection,phpspec/prophecy-phpunit.phpspec/prophecydirectly (the new tests useProphecy\Argument, flagged by the dependency analyser).Replace Psalm with PHPStan
psalm.xml, addedphpstan.neon.dist(level: max, extensions auto-loaded viaphpstan/extension-installer).@psalm-suppressannotations and fixed the underlying issues (explicit nullable types, generic phpdoc on the Doctrine event arg, aligned entity metadata types to upstreamsetono/clientv1.1.2).LazyGhostTrait__construct()idiom.rector.phpto the Rector 2 API; CI now runsphpstaninstead ofpsalm.Add missing tests
--min-msi=100 --min-covered-msi=100.Misc
LICENSEcopyright year to 2026.Test plan
composer analyse(PHPStan) ✅composer phpunit(49 tests) ✅composer check-style(ECS) ✅vendor/bin/composer-dependency-analyser✅vendor/bin/rector process --dry-run(clean) ✅composer validate --strict/composer normalize --dry-run✅composer infection(100% MSI) ✅